<?php
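// Request parameters for the feedback page.
// $action, $role, $conf and $PHP_SELF are read further down but never assigned
// in this file, so they must be supplied by the including script.
// NOTE(review): confirm none of them can be populated straight from request
// data (e.g. register_globals), because $role gates the admin controls.

// The row id is interpolated unquoted into SQL (`where id=$id`), so it is forced
// to an integer here. 0 means "no row selected" and keeps the `!$id` checks working.
$id = (isset($_REQUEST["id"]) && is_scalar($_REQUEST["id"])) ? (int) $_REQUEST["id"] : 0;

// htmlsafe() is defined outside this file.
// NOTE(review): these three values are later placed inside quoted SQL strings and
// inside single-quoted HTML attributes; confirm htmlsafe() neutralises quotes
// and backslashes for both contexts.
$message = htmlsafe(isset($_POST["message"]) ? $_POST["message"] : "");
$sender = htmlsafe(isset($_POST["sender"]) ? $_POST["sender"] : "");
$email = htmlsafe(isset($_POST["email"]) ? $_POST["email"] : "");

// Recorded with each submission.
$ipaddress = $_SERVER["REMOTE_ADDR"];

// The reply is deliberately taken without htmlsafe() (the escaped variant was
// commented out in the original), so it is still raw request data at this point
// and has to be escaped wherever it reaches SQL or HTML.
//$reply = htmlsafe($_POST["reply"]);
$reply = isset($_POST["reply"]) ? $_POST["reply"] : "";
$submit = isset($_POST["submit"]) ? $_POST["submit"] : "";

// The page number is echoed into links and used for the LIMIT offset; keep it a
// positive integer so neither sink ever sees arbitrary text.
$pg = (isset($_REQUEST["pg"]) && is_scalar($_REQUEST["pg"])) ? (int) $_REQUEST["pg"] : 1;
if ($pg < 1) $pg = 1;

$tbl = "feedback";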
// Static notice printed above the form. The text contains no variables, so the
// heredoc emits it verbatim.
echo <<<NOTICE
Your feedback is important for us to improve upon the services of your need.
Please submit complete information. Your email is must to receive our response. Thanks.
<br><b><u>
Alert: Your IP Address will be recorded with submitted details, so kindly avoid throwing garbage on this site.
</u></b><br><br>
NOTICE;
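// State-changing actions: a visitor submitting feedback (SEND), an admin saving
// a reply and mailing it (SAVE & MAIL), and an admin deleting a row (del).

// The id is interpolated unquoted into every statement below; force it to an
// integer so it cannot carry SQL.
$id = (int) $id;

// The reply/delete controls are only rendered for $role == 'admin' further down,
// so the handlers enforce the same condition instead of trusting the UI.
// NOTE(review): $role and $action are not assigned in this file; confirm the
// including script sets them from the session, never from the request.
$is_admin = isset($role) && $role == 'admin';

if ($submit == 'SEND' && $message && $sender && $email) {
    if (check_email($email)) {
        // NOTE(review): $message, $sender and $email went through htmlsafe() only.
        // Whether that also makes them safe inside a quoted SQL string cannot be
        // confirmed from this file; verify, or escape them for SQL at this point.
        // NOTE(review): a submitter who supplies the id of an existing row
        // overwrites that row; confirm this is intended for anonymous users.
        $existing = mysql_query("select id from $tbl where id=$id");
        if ($existing && mysql_num_rows($existing)) {
            mysql_query("update $tbl set message='$message',sender='$sender',email='$email'
,ipaddress='$ipaddress' where id=$id");
        } else {
            mysql_query("insert into $tbl(message,sender,email,ipaddress,dated)
values('$message','$sender','$email','$ipaddress',now())");
        }
    } else {
        echo "<b>Wrong email address</b>";
    }
} else if ($submit == 'SAVE & MAIL' && $is_admin) {
    // $reply is raw request data, so escape it for the SQL string. Undo
    // magic_quotes_gpc first where it exists and is on, so the stored text is
    // not double-escaped.
    $reply_raw = (string) $reply;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $reply_raw = stripslashes($reply_raw);
    }
    $reply_sql = mysql_real_escape_string($reply_raw);
    mysql_query("update $tbl set reply='$reply_sql' where id=$id");

    // Mail only to the address stored with the feedback row. The original fell
    // back to the posted email field when the row was missing, which let the
    // request choose the recipient.
    $recipient = '';
    $rs = mysql_query("select * from $tbl where id=$id");
    if ($rs && mysql_num_rows($rs)) {
        $o = mysql_fetch_object($rs);
        $recipient = $o->email;
    }
    if ($recipient) sendmail($recipient,"Thanks for your feedback",$reply);
} else if (isset($action) && $action == "del" && $is_admin) {
    // NOTE(review): deletion is triggered by a plain link (GET) with no
    // anti-CSRF token; consider requiring a POST with a per-session token.
    mysql_query("delete from $tbl where id=$id");
}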
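// Renders the submission form when no row id is selected, otherwise a link back
// to an empty form.

// $PHP_SELF and $conf are not assigned in this file and end up inside an href,
// so they are encoded for that context before being printed.
$self_html = htmlspecialchars(isset($PHP_SELF) ? (string) $PHP_SELF : '', ENT_QUOTES);
$conf_url = urlencode(isset($conf) ? (string) $conf : '');

// NOTE(review): the second <table> below is opened directly inside the first
// and only one </table> is emitted; the markup is kept as the original wrote it.
echo "<table class='search' width='98%'>";
if (!$id) {
    // NOTE(review): $message, $sender and $email are printed inside a textarea
    // and single-quoted attributes; this relies on htmlsafe() (defined elsewhere)
    // having escaped <, & and both quote characters.
    echo "<table class=normal width='90%'>\n"
        . "<tr valign='top'><td>Feedback<br>(in 500 words)<br>\n"
        . "For query pl. visit<br><a href='inner.php?conf=rtiquery'>Query & RTI</a></td>\n"
        . "<td><textarea name='message' rows='5' cols='50'>" . $message . "</textarea></td></tr>\n"
        . "<tr><td nowrap>Full Name</td>\n"
        . "<td><input type='text' name='sender' value='" . $sender . "' size='50'></td></tr>\n"
        . "<tr><td nowrap>Valid Email</td>\n"
        . "<td><input type='text' name='email' value='" . $email . "' size='50'>\n"
        . "<input type='submit' name='submit' value='SEND'><br>\n"
        . "Feedback with <u>fake email</u> will be rejected</td></tr>";
} else {
    echo "<tr><td>[ <a href='" . $self_html . "?conf=" . $conf_url . "&id='>New feedback</a> ]</td></tr>";
}
echo "</table>";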
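// Total number of feedback rows, and the page links when there are more than 10.

// Count in the database instead of selecting every row just to read
// FOUND_ROWS(); a failed query yields a total of 0 rather than a warning.
$count_rs = mysql_query("select count(*) as t from $tbl");
$tro = $count_rs ? mysql_fetch_object($count_rs) : false;
$total = $tro ? (int) $tro->t : 0;

if ($total > 10) {
    // $PHP_SELF and $conf are not assigned in this file; encode them for the href.
    $self_html = htmlspecialchars(isset($PHP_SELF) ? (string) $PHP_SELF : '', ENT_QUOTES);
    $conf_url = urlencode(isset($conf) ? (string) $conf : '');
    $current_page = (int) $pg;
    $page_count = ceil($total / 10);

    echo "<br><div class=notice>Pages: [ ";
    for ($i = 1; $i <= $page_count; $i++) {
        if ($i == $current_page) {
            echo "<b>$i</b> ";
        } else {
            echo "<a href='" . $self_html . "?conf=" . $conf_url . "&pg=$i'>$i</a> ";
        }
    }
    echo "]</div>";
}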
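// Number of rows whose reply column is still the empty string, then the list
// heading. Counted in the database rather than by selecting every pending row;
// a failed query yields 0 instead of a warning.
$pending_rs = mysql_query("select count(*) as t from $tbl where reply=''");
$tro = $pending_rs ? mysql_fetch_object($pending_rs) : false;
$pending = $tro ? (int) $tro->t : 0;
$i = 0;
echo "<b>Posted Feedback</b> (Total: $total / Pending: $pending)<ul>";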
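// Lists one page (10 rows) of feedback, newest first, with the admin controls
// (compose/edit reply, delete) when $role is 'admin'.

// The page number feeds the LIMIT offset and is echoed into the admin links;
// keep it a positive integer for both.
$page = (int) $pg;
if ($page < 1) $page = 1;
$start = ($page - 1) * 10;

// $PHP_SELF and $conf are not assigned in this file; encode them for the href.
$self_html = htmlspecialchars(isset($PHP_SELF) ? (string) $PHP_SELF : '', ENT_QUOTES);
$conf_url = urlencode(isset($conf) ? (string) $conf : '');
$link_base = $self_html . "?conf=" . $conf_url;

$rs = mysql_query("select * from $tbl order by dated desc,id LIMIT $start,10");
while ($rs && ($o = mysql_fetch_object($rs))) {
    $start++; // running row offset; not read anywhere else in this file
    $row_id = (int) $o->id;

    // NOTE(review): message, sender and email are printed as stored. That is
    // only safe if every write path ran them through htmlsafe() and htmlsafe()
    // escapes HTML; verify, or escape on output here.
    echo "<li><b>$row_id)</b> $o->message\n"
        . "<div align='right'><i><b>By $o->sender ($o->email, $o->ipaddress) Dated: $o->dated</b></i></div>\n"
        . "<b>Reply:</b> ";

    // NOTE(review): the reply is stored and printed as raw HTML. Anyone able to
    // write the reply column can place script in every visitor's page, so the
    // write path must be restricted to admins, or the reply escaped or
    // allow-list filtered before output.
    if ($o->reply) echo $o->reply.' '; else echo "Awaited ";

    if (isset($role) && $role == 'admin') {
        if (isset($action) && $action == 'reply' && (int) $id === $row_id) {
            // Escape inside the textarea so stored markup is shown for editing
            // and cannot close the element; the browser submits the decoded text.
            $reply_html = htmlspecialchars((string) $o->reply, ENT_QUOTES);
            echo "<textarea name='reply' rows='5' cols='60'>" . $reply_html . "</textarea>\n"
                . "<input type='hidden' name='id' value='$row_id'><br>\n"
                . "<input type='submit' name='submit' value='SAVE & MAIL'> ";
        } else if ($o->reply) {
            echo "[ <a href='" . $link_base . "&action=reply&id=$row_id&pg=$page'>Edit</a> ]";
        } else {
            echo "[ <a href='" . $link_base . "&action=reply&id=$row_id&pg=$page'>Compose</a> ]";
        }
        // NOTE(review): delete is a plain GET link; consider a POST with an
        // anti-CSRF token.
        echo "[ <a href='" . $link_base . "&action=del&id=$row_id&pg=$page'>Delete</a> ]";
    }
    echo "<br><br></li>";
}
echo "</ul>";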
?>